IBM Informix How to pass string value in parameter
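Can someone help me create the right SQL query for an Informix db? I have a function that prepares an SQL query from a string, as described in the Informix documentation: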
    CREATE FUNCTION somefunction( stringval VARCHAR( 32 )) RETURNING INT;
        DEFINE sp_id INT;
        DEFINE c_query varchar(250);
        -- stringval is concatenated into the statement text without quotes
        LET c_query = 'select first 1 someid, somevalue from sometable where sname= '||stringval||' order by somevalue';
        PREPARE c_stmt
        FROM c_query;
        DECLARE c_cur CURSOR FOR c_stmt;
        OPEN c_cur ;
        FETCH c_cur INTO sp_id ;
        CLOSE c_cur;
        FREE c_cur;
        FREE c_stmt;
        RETURN sp_id;
    END FUNCTION;
When I try to test it, I call it as follows:
    SELECT * FROM table(functionname('fo'))
But unfortunately I get an error message with the text:
    Column (fo) not found in any table in the query (or SLV is undefined).
What am I doing wrong?
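If you want the number that corresponds to the name fo, you have to enclose it in quotes, which in turn means you need to escape the quotes in your string. You need to read up on SQL injection, because what you have proposed is readily vulnerable to SQL injection attacks.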
If the purpose of the exercise is to get the query shown executed, then you should use:
    CREATE FUNCTION somefunction(stringval VARCHAR(32)) RETURNING INT;
        DEFINE sp_id INTEGER;
        SELECT FIRST 1 someid
          INTO sp_id
          FROM sometable
         WHERE sname= stringval
         ORDER BY somevalue;
        RETURN sp_id;
    END FUNCTION
If the purpose of the exercise is to use dynamic SQL, then you should consider using placeholders, like this:
    CREATE FUNCTION somefunction(stringval VARCHAR(32)) RETURNING INT;
        DEFINE sp_id INTEGER;
        DEFINE c_query varchar(250);
        LET c_query = 'SELECT FIRST 1 someid FROM sometable WHERE sname = ? ORDER BY somevalue';
        PREPARE c_stmt FROM c_query;
        DECLARE c_cur CURSOR FOR c_stmt;
        OPEN c_cur USING stringval;
        FETCH c_cur INTO sp_id;
        CLOSE c_cur;
        FREE c_cur;
        FREE c_stmt;
        RETURN sp_id;
    END FUNCTION
Untested on your table. The code I tested was:
    CREATE FUNCTION atomic_number(symbol VARCHAR(3)) RETURNING INTEGER;
        DEFINE num INTEGER;
        SELECT atomic_number INTO num FROM elements AS e WHERE e.symbol = symbol;
        RETURN num;
    END FUNCTION
and:
    CREATE FUNCTION atomic_number(symbol VARCHAR(3)) RETURNING INTEGER;
        DEFINE num INTEGER;
        DEFINE c_query varchar(250);
        LET c_query = 'SELECT FIRST 1 atomic_number FROM elements WHERE symbol = ? ORDER BY atomic_number';
        PREPARE c_stmt FROM c_query;
        DECLARE c_cur CURSOR FOR c_stmt;
        OPEN c_cur USING symbol;
        FETCH c_cur INTO num;
        CLOSE c_cur;
        FREE c_cur;
        FREE c_stmt;
        RETURN num;
    END FUNCTION
These were run against a "table of elements" (as in the periodic table) with the structure:
    CREATE TABLE elements
    (
        atomic_number   INTEGER NOT NULL PRIMARY KEY
                        CHECK (atomic_number > 0 AND atomic_number < 120),
        symbol          CHAR(3) NOT NULL UNIQUE,
        name            CHAR(20) NOT NULL UNIQUE,
        atomic_weight   DECIMAL(8, 4) NOT NULL,
        pt_period       SMALLINT NOT NULL
                        CHECK (pt_period BETWEEN 1 AND 7),
        pt_group        CHAR(2) NOT NULL
                        -- 'L' for Lanthanoids, 'A' for Actinoids
                        CHECK (pt_group IN ('1', '2', 'L', 'A', '3', '4', '5', '6',
                                            '7', '8', '9', '10', '11', '12', '13',
                                            '14', '15', '16', '17', '18')),
        stable          CHAR(1) DEFAULT 'Y' NOT NULL
                        CHECK (stable IN ('Y', 'N'))
    );
    INSERT INTO elements VALUES(  1, 'H', 'Hydrogen', 1.0079, 1, '1', 'Y');
    …
    INSERT INTO elements VALUES(118, 'Og', 'Oganesson', 294.2100, 7, '18', 'N');
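The three ways of passing the string discussed above, side by side, as an added example that is not part of the original question or answer. It assumes Python's sqlite3 module as a stand-in for Informix (so LIMIT 1 replaces FIRST 1); the rows, the helper names and the input containing quotes are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sometable (someid INTEGER, sname TEXT, somevalue INTEGER)")
    db.executemany("INSERT INTO sometable VALUES (?, ?, ?)",
                   [(1, "fo", 10), (2, "bar", 5), (3, "o'neil", 7)])
    return db

def run(db, sql, params=()):
    # Return the first row, or the engine's error text if the statement fails.
    try:
        return db.execute(sql, params).fetchone()
    except sqlite3.OperationalError as exc:
        return str(exc)

def lookup_concat_unquoted(db, stringval):
    # Same construction as the question: the value lands in the SQL text as a
    # bare word, so the parser reads it as a column name.
    return run(db, "SELECT someid FROM sometable WHERE sname = " + stringval
                   + " ORDER BY somevalue LIMIT 1")

def lookup_concat_quoted(db, stringval):
    # Wrapping the value in quotes makes 'fo' work, but the value is still
    # parsed as SQL: a quote inside it ends the literal early.
    return run(db, "SELECT someid FROM sometable WHERE sname = '" + stringval
                   + "' ORDER BY somevalue LIMIT 1")

def lookup_placeholder(db, stringval):
    # The statement text is fixed; the value is bound afterwards and is only
    # ever compared as data (the OPEN ... USING form in the answer).
    return run(db, "SELECT someid FROM sometable WHERE sname = ? "
                   "ORDER BY somevalue LIMIT 1", (stringval,))

if __name__ == "__main__":
    db = make_db()
    altered = "nobody' OR '1'='1"          # constructed input containing quotes
    print("unquoted concat, fo      :", lookup_concat_unquoted(db, "fo"))
    print("quoted concat, fo        :", lookup_concat_quoted(db, "fo"))
    print("quoted concat, o'neil    :", lookup_concat_quoted(db, "o'neil"))
    print("quoted concat, altered   :", lookup_concat_quoted(db, altered))
    print("placeholder, fo          :", lookup_placeholder(db, "fo"))
    print("placeholder, o'neil      :", lookup_placeholder(db, "o'neil"))
    print("placeholder, altered     :", lookup_placeholder(db, altered))
```

The unquoted form reproduces the "column not found" class of error from the question, the quoted form breaks on a legitimate name containing an apostrophe and returns an unrelated row when the input rewrites the WHERE clause, and only the placeholder form treats every input as a plain value.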